Pennsylvania adopts Corporate Governance Annual Disclosure (CGAD) filing requirement: a quick guide for your journey to compliance

As of Oct. 24, 2018, Pennsylvania joined the 25 other states in enacting the National Association of Insurance Commissioners (NAIC) Corporate Governance Annual Disclosure Model Act (Act) as part of passing Senate Bill (SB) 1205. The Act will require insurers to submit an annual filing regarding their corporate governance structure, including any policies and practices to better provide the insurance commissioner with a general understanding of the company’s corporate governance framework. The filing is due on June 1, each calendar year, with the first filing due June 1, 2020, and must be signed by the chief executive officer (CEO) or corporate secretary attesting to the implementation of the corporate governance practices at the company.

Unlike other model laws and specific state statues, (e.g. Own Risk and Solvency Assessment (ORSA) filing, internal audit requirements, management’s report of internal control over financial reporting, etc.), there are no exemptions or thresholds regarding size or type. In addition, the CGAD is intended to be more narrative in nature where the company has the opportunity to provide to the commissioner details regarding the governance framework and structure, including:

• Policies and practices of the board
• Board committees and senior management
• Oversight over critical risk areas

It is important to note that SB 1205 includes considerations of organization complexity, licensing status and premium volume when regulators will evaluate the extent and thoroughness of completion of the CGAD and the need to retain third party consultants to assist in evaluation. The SB 1205 also includes provisions for duplication of information. Therefore, you can cross reference if similar information has already been provided in other proxy statements, federal or state filings provided to the Pennsylvania department.

Included below is a high level summary of those requirements and best practice recommendations for implementation based on other insurance organizations that Baker Tilly has provided advisory and audit services and performed regulatory examinations on behalf of various state insurance departments:

Requirements for the board

• Roles and responsibilities of board and various board committees, how they are governed (i.e., bylaw, charter, informal mandate, etc.) and the rational for the size of the board
• Qualifications, expertise and independence (if applicable) of each board member and how they are nominated/elected for the board and its committees
• Number of board meeting s that occurred
• Information regarding the CEO and the chairman of the board’s roles and responsibilities

Implementing the requirement

• Identification or creation of key policies and procedures
• Revisit or create bylaws/charters and ensure size and independence of the board is appropriate
• Updated job descriptions for the CEO and chairman
• A.M. Best presentations
• Qualification listing that is maintained for all board members

Requirements for management

• Qualifications, expertise and integrity of officers and key persons in control functions.
• The company has a formalized code of conduct and ethics program
• Board’s overall responsibility in the oversight of management compensation and practices.
• The company’s succession planning process for CEO and senior management 

Implementing the requirement

• Develop or revisit suitability standards/job descriptions or requirements
• Develop or revisit the company’s code of conduct ensuring it meets the state of domiciles requirements and includes detail on performance evaluation, compensation and corrective action
•  Create a board compensation committee
• Develop or revisit the succession planning process and overall board involvement

Requirements for critical risk areas

• Responsibilities of the board, committees and senior management regarding oversight of the critical risk areas and what the company is doing to mitigate the risk
• Reporting responsibilities for each critical risk area and the risk management functions in place
• Strategic direction of the company and the associated risks  

Implementing the requirement

• Identification of the critical risk areas within the Company that are risk rated based on likelihood of occurrence and magnitude of impact and are presented to the Board
• Detail for each “critical risk” regarding the risk owner and risk management strategies
• Meeting minutes, formalized business plan, etc. documenting the strategic direction of the company and management’s goal for achievement
• Utilization of the ORSA summary report

Although, for Pennsylvania, the due date for filing is June 1, 2020, insurance companies should begin to assess their current corporate governance structure as implementing formalized policies, procedures and practices will take time. Internal audit can prove to be a significant aid in the identification of critical risks (and risk mitigation strategies), as, generally, annual formalized risk assessments are completed.

For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.